The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
The administrative files within a NIS domain are NIS maps, which
are dbm
-format files that you generate from
existing configuration files such as
/etc/passwd
, /etc/shadow
,
and /etc/groups
. Each map is indexed on one
field, and records are retrieved by specifying a value from that
field. Some source files such as /etc/passwd
have two maps:
-
passwd.byname
Indexed on user name.
-
passwd.byuid
Indexed on user ID.
The /var/yp/nicknames
file contains a list of
commonly used short names for maps such as
passwd
for passwd.byname
and group
for
group.byname
.
You can use the ypcat command to display the contents of a NIS map, for example:
# ypcat - passwd | grep 500
guest:$6$gMIxsr3W$LaAo...6EE6sdsFPI2mdm7/NEm0:500:500::/nethome/guest:/bin/bash
As the ypcat command displays password hashes to any user, this example demonstrates that NIS authentication is inherently insecure against password-hash cracking programs. If you use Kerberos authentication, you can configure password hashes not to appear in NIS maps, although other information that ypcat displays could also be useful to an attacker.
For more information, see the ypcat(1)
manual
page.